<?php
include('../config.php');
if (!isset($_FILES['image']['tmp_name'])) {
	echo "";
}else{
	$file=$_FILES['image']['tmp_name'];
	$image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
	$image_name= addslashes($_FILES['image']['name']);
	$image_size= getimagesize($_FILES['image']['tmp_name']);

	
	if ($image_size==FALSE) {
		echo "That's not an image!";
	}else{
		$filename = preg_replace('/\s\s+/','', trim($_FILES["image"]["name"]));
		move_uploaded_file($_FILES["image"]["tmp_name"],"../images/products/" .$filename);
		$location="images/products/".$filename.";";
		$id = mysql_num_rows(mysql_query("SELECT * FROM product"))+1;
		$name=$_POST['name'];
		$manufacture=$_POST['manufacture'];
		$type=$_POST['type'];
		$saleoff=$_POST['saleoff'];
		$originalprice=$_POST['originalprice'];
		$currentquantity=$_POST['currentquantity'];
		$soldquantity=$_POST['soldquantity'];
		$specification=$_POST['specification'];
		$description=$_POST['description'];
		$update=mysql_query("INSERT INTO product (pID, pName, pPicture, pManufacture, pType, psaleoff, pOriginalPrice, pCurrentQuantity,pSoldQuantity, pSpecifications,pDescription)
		VALUES
		('$id','$name','$location','$manufacture','$type','$saleoff','$originalprice','$currentquantity','$soldquantity','$specification','$description')") or die(mysql_error());
		header("location: products.php");
		exit();
	
	}
}
?>
